/*
This file is part of maven-bugzilla-plugin.

    maven-bugzilla-plugin is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    maven-bugzilla-plugin is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with maven-bugzilla-plugin.  If not, see <http://www.gnu.org/licenses/>.
 */
package nl.semlab.maven.plugin.bugzilla.util;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * <p>
 * EasyX509TrustManager unlike default {@link X509TrustManager} accepts
 * self-signed certificates.
 * </p>
 * <p>
 * This trust manager SHOULD NOT be used for productive systems due to security
 * reasons, unless it is a concious decision and you are perfectly aware of
 * security implications of accepting self-signed certificates
 * </p>
 * <p />
 * Project maven-bugzilla-plugin<br />
 * EasyX509TrustManager.java created 10 Jul 2009
 * <p />
 * 
 * @author <a href="mailto:adrian.sutton@ephox.com">Adrian Sutton</a>
 * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
 *         <p>
 *         DISCLAIMER: HttpClient developers DO NOT actively support this
 *         component. The component is provided as a reference material, which
 *         may be inappropriate for use without additional customization.
 *         </p>
 * @version $Revision: 1.1 $, $Date: 2009-08-03 10:04:21 $
 */
public class EasyX509TrustManager implements X509TrustManager
{
   private static final Log LOG = LogFactory.getLog(EasyX509TrustManager.class);

   private X509TrustManager standardTrustManager = null;

   /**
    * Constructor for EasyX509TrustManager.
    */
   public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException
   {
      super();
      TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      factory.init(keystore);
      TrustManager[] trustmanagers = factory.getTrustManagers();
      if (trustmanagers.length == 0)
      {
         throw new NoSuchAlgorithmException("no trust manager found");
      }
      standardTrustManager = (X509TrustManager) trustmanagers[0];
   }

   /**
    * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],
    *      String)
    */
   public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException
   {
      standardTrustManager.checkClientTrusted(certificates, authType);
   }

   /**
    * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],
    *      String)
    */
   public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException
   {
      if ((certificates != null) && EasyX509TrustManager.LOG.isDebugEnabled())
      {
         EasyX509TrustManager.LOG.debug("Server certificate chain:");
         for (int i = 0; i < certificates.length; i++)
         {
            EasyX509TrustManager.LOG.debug("X509Certificate[" + i + "]=" + certificates[i]);
         }
      }
      if ((certificates != null) && (certificates.length == 1))
      {
         certificates[0].checkValidity();
      }
      else
      {
         standardTrustManager.checkServerTrusted(certificates, authType);
      }
   }

   /**
    * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
    */
   public X509Certificate[] getAcceptedIssuers()
   {
      return standardTrustManager.getAcceptedIssuers();
   }
}